if not scopes:
            scopes = {}
        flows = OAuthFlowsModel(
            password=cast(
                Any,
                {
                    "tokenUrl": tokenUrl,
                    "refreshUrl": refreshUrl,
                    "scopes": scopes,
                },
            )
        )
        super().__init__(
            flows=flows,
            scheme_name=scheme_name,

from fastapi.testclient import TestClient
from inline_snapshot import snapshot
from pydantic import BaseModel

app = FastAPI()

reusable_oauth2 = OAuth2(
    flows={
        "password": {
            "tokenUrl": "token",
            "scopes": {"read:users": "Read the users", "write:users": "Create users"},
        }
    },
    auto_error=False,
)

                }
            },
            "components": {
                "securitySchemes": {
                    "OAuth2AuthorizationCodeBearer": {
                        "type": "oauth2",
                        "flows": {
                            "authorizationCode": {
                                "authorizationUrl": "authorize",
                                "tokenUrl": "token",
                                "scopes": {},

                }
            },
            "components": {
                "securitySchemes": {
                    "OAuth2PasswordBearer": {
                        "type": "oauth2",
                        "flows": {"password": {"scopes": {}, "tokenUrl": "/token"}},
                        "description": "OAuth2PasswordBearer security scheme",
                    }
                }
            },
        }

    * HTTP Digest, etc.
* `oauth2`: all the OAuth2 ways to handle security (called "flows").
    * Several of these flows are appropriate for building an OAuth 2.0 authentication provider (like Google, Facebook, X (Twitter), GitHub, etc):
        * `implicit`
        * `clientCredentials`
        * `authorizationCode`
    * But there is one specific "flow" that can be perfectly used for handling authentication in the same application directly:

                }
            },
            "components": {
                "securitySchemes": {
                    "OAuth2AuthorizationCodeBearer": {
                        "type": "oauth2",
                        "flows": {
                            "authorizationCode": {
                                "authorizationUrl": "authorize",
                                "tokenUrl": "token",
                                "scopes": {},

                }
            },
            "components": {
                "securitySchemes": {
                    "OAuth2PasswordBearer": {
                        "type": "oauth2",
                        "flows": {"password": {"scopes": {}, "tokenUrl": "/token"}},
                    }
                }
            },
        }

            },
            "components": {
                "securitySchemes": {
                    "OAuth2AuthorizationCodeBearer": {
                        "type": "oauth2",
                        "flows": {
                            "authorizationCode": {
                                "scopes": {
                                    "read": "Read access",
                                    "write": "Write access",

 * application-specific data to provide context when invoking session methods.</p>
 *
 * <p>This trace information is particularly useful for:</p>
 * <ul>
 *   <li>Debugging and troubleshooting request flows</li>
 *   <li>Audit logging of session operations</li>
 *   <li>Performance monitoring of nested operations</li>
 * </ul>
 *

import org.lastaflute.web.response.ActionResponse;
import org.lastaflute.web.response.HtmlResponse;

/**
 * SSO (Single Sign-On) action controller.
 *
 * This action handles SSO authentication flows including login, logout, and metadata
 * operations. It coordinates with the SsoManager to perform authentication using
 * configured SSO providers and handles various authentication scenarios including